Invoking Secured WebServices

-
Accepting TrustStrategy without TrustMaterial

This tutorial demonstrates the invocation of secured webservices using RestTemplate

— tvajjala

When your web services are secured by HTTPs(self signed) protocol, and you are trying to access them using RestTemplate you will get following exceptions:

unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

There are two ways we can make it work.

  1. Accepting TrustStrategy without TrustMaterial

  2. Loading TrustMaterial into SSLContext (Recommended)

Accepting TrustStrategy without TrustMaterial

We just ignore https certification by customizing restTemplate as shown below

    /**
     * default restTemplates since we are skipping sslVerification
     *
     * @return RestTemplate {@link RestTemplate}
     * @throws Exception {@link Exception}
     */
    @Bean
    public RestTemplate restTemplate() throws Exception {

        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient()));
    }


    /**
     * default httpClient
     *
     * @return httpClient
     * @throws Exception exception
     */
    HttpClient httpClient() throws Exception {
        SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(getSSLContext(false));
        return HttpClients.custom().setSSLSocketFactory(csf).build();
    }


    /**
     * Create sslContext in a two different ways
     *
     * @param trusted IsTrusted
     * @return sslContext
     * @throws Exception exception
     */
    SSLContext getSSLContext(boolean trusted) throws Exception {

        if (trusted) {
            return new SSLContextBuilder().loadTrustMaterial(new ClassPathResource("swagger.jks").getFile(), "swagger".toCharArray()).build();
        }

        TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
        return SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();

    }

Create JKS file and load that file into trust material.

    /**
     * trusted RestTemplate
     *
     * @return RestTemplate {@link RestTemplate}
     * @throws Exception
     */
    @Bean
    RestTemplate trustedRestTemplate() throws Exception {
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(trustedHttpClient()));
    }


    /**
     * keyStore based httpClient trusted
     *
     * @return HttpClient  {@link HttpClient}
     * @throws Exception exception
     */
    HttpClient trustedHttpClient() throws Exception {
        HttpClientBuilder builder = HttpClientBuilder.create();
        builder.setSSLContext(getSSLContext(true));
        return builder.build();
    }

Generate JKS file from .cer

  • Export the certificate to a file from your https webServices

Go to your browser export certifcate (swagger.cer)

  • Import into JKS

Import the certificate to trusted domain cacerts using the keytool.

But you need to import it to the keystore that your java_home uses when running your programs above

The command below will add certificate file "swagger.cer" to keystore in file "cacerts.jks".

The alias is "swagger" :

keytool.sh
keytool -import -trustcacerts -alias swagger -file swagger.cer -keystore cacerts.jks

Verify all imported certificates in JKS file with below command

list.sh
keytool -list -v -keystore swagger.jks

Source Code

Refer github project for complete source code of this tutorial

https://github.com/tvajjala/invoking-secure-ws.git

Comments

Post a Comment

Popular posts from this blog

IBM Datapower GatewayScript

-
Introduction IBM API Assembly Language Introduction GatewayScript is a new transformation technology for API, Web, and Mobile and is available in DataPower. GatewayScript is based on the JavaScript programming language. More precisely, it supports the ECMAScript 5.1 version of the specification. On the DataPower appliance, JavaScript runs in ‘strict’ mode only. The strict mode provides a more consistent and more disciplined behavior. For example, if a script attempts to write a property of a DataPower API object and that object is frozen, an immediate exception is thrown. The ‘strict’ mode behavior supports stronger error checking and handling and increases security. DataPower Playground (GatewayScript Fiddle) IBM DataPower Playground is an interactive website that lets you write GatewayScript code and execute it on a cloud-hosted DataPower Gateway for learning purposes. Available at : https://datapower-playground.mybluemix.net/ GatewayScript provides
Read more

Spring boot Kafka Integration

-
Image
Introduction Introduction K afka is an open source streaming platform which scales very well in a horizontal way without compromising speed and efficiency. The Kafka core is written in Scala , and Kafka Streams and KSQL are written in Java . Features Kafka is a service bus To connect heterogeneous applications, we need to implement a message publication mechanism to send and receive messages among them. A message router is known as message broker . Kafka is a message broker , a solution to deal with routing messages among clients in a quick way. Kafka architecture has two directives The first is to not block the producers (to deal with back pressure). The second is to isolate producers and consumers . The producers should not know who their consumers are, hence the kafka follows the dumb broker and smart clients model. Tip Back pressure is to make applications robust against data surges. when producer generates data higher rate tha
Read more

Spring boot SOAP Web Service Performance

-
Image
Consumng This tutorial walks you through the process of consuming a SOAP-based web service with Spring. It elucidates following items Making parallel calls with RxJava (or WebFlux ) Sending large SOAP message payloads using AXIOM( AXis Object Model) AxiomSoapMessageFactory .(which improves performance) Marshalling( is the process of transforming the memory representation of an object to a data format suitable for storage or transmission) Marshalling (XML Serialization) done with O/X Mappers, different types of mappers out there and choose appropriate one for your need. Castor XML mapping is an open source XML binding framework. It allows you to transform the data contained in a java object model into/from an XML document. By default, it does not require any further configuration, though a mapping file can be used to have more control over the behavior of Castor. The Spring integration classes reside in the org.springframework.oxm.castor pa
Read more